diff --git a/.github/actions/run-ee-server/action.yml b/.github/actions/run-ee-server/action.yml
index 80a60f54ce..12dcebf67d 100644
--- a/.github/actions/run-ee-server/action.yml
+++ b/.github/actions/run-ee-server/action.yml
@@ -2,77 +2,57 @@ name: 'Run EE Server in a Docker container' description: 'Run EE server. Returns once server is ready. Only tested on Linux and macOS' # NOTE: do not share this server container with others # since it's using the default admin / admin credentials +outputs: + container-network: + description: Forwards the container's network name from setup-as-server + value: ${{ steps.setup-as-server.outputs.network-name }} + container-name: + description: Forwards the container name from setup-as-server + value: ${{ steps.setup-as-server.outputs.container-names }} inputs: # All inputs in composite actions are strings - registry-name: - description: Registry name - required: false - default: docker.io - registry-username: - description: Required for using release candidates - required: false - # Github Composite Actions can't access secrets - # so we need to pass them in as inputs - registry-password: - description: Required for using release candidates - required: false - image-name: - required: false - description: aerospike/aerospike-server-enterprise - default: 'aerospike/aerospike-server-enterprise' + oidc-provider-name: + description: For pulling server images from JFrog + required: true + oidc-audience: + description: For pulling server images from JFrog + required: true + features-content: + description: For enabling strong consistency + required: true server-tag: required: true description: Specify Docker tag - default: 'latest' where-is-client-connecting-from: required: false description: 'docker-host, separate-docker-container, "remote-connection" via DOCKER_HOST' default: 'docker-host' - env-vars: - required: false - description: Used to disable server features - default: 'STRONG_CONSISTENCY=1 SECURITY=1 MUTUAL_TLS=1' runs: using: "composite" steps: # Start up server - - - name: Log into registry to get non-public server RCs - # We can still pull public images while logged in, so just do this all the time to make things simple - uses: 
docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 + - uses: aerospike/shared-workflows/.github/actions/setup-aerospike-server@48edf9ff59ab4da5f15915b22d8895f19ce7fd55 + id: setup-as-server with: - registry: ${{ inputs.registry-name }} - username: ${{ inputs.registry-username }} - password: ${{ inputs.registry-password }} - - - run: echo IMAGE_FULL_NAME=${{ inputs.registry-name }}/${{ inputs.image-name }}:${{ inputs.server-tag }} >> $GITHUB_ENV - shell: bash - - - run: echo CA_CERT_FILE_NAME="ca.cer" >> $GITHUB_ENV - shell: bash - - - run: echo TLS_PORT="4333" >> $GITHUB_ENV - shell: bash + enable-security: "true" + enable-tls: "true" + enable-strong-consistency: "true" + features-content: ${{ inputs.features-content }} + num-nodes: 1 + oidc-provider: ${{ inputs.oidc-provider-name }} + oidc-audience: ${{ inputs.oidc-audience }} + server-tag: ${{ inputs.server-tag }} + env-vars: DEFAULT_TTL=2592000\; - - name: 'macOS: install timeout command' - if: ${{ runner.os == 'macOS' }} - run: brew install coreutils - shell: bash - - # Github composite actions don't support env variables for the whole composite action, - # so this is a workaround - - id: get-container-name - run: echo container-name=aerospike >> $GITHUB_OUTPUT + - run: echo SUPERUSER_NAME_AND_PASSWORD="superuser" >> $GITHUB_ENV shell: bash - - run: ${{ inputs.env-vars }} bash ./run-ee-server.bash - working-directory: .github/workflows/docker-setup + - run: | + docker run --rm --network host aerospike/aerospike-tools asadm -U admin -P admin --enable --execute "manage acl \ + create user $SUPERUSER_NAME_AND_PASSWORD password $SUPERUSER_NAME_AND_PASSWORD \ + roles read-write-udf, sys-admin, user-admin, data-admin" shell: bash - env: - CONTAINER_NAME: ${{ steps.get-container-name.outputs.container-name }} - - # Configure tests - name: Install crudini to manipulate config.conf run: pipx install crudini --pip-args "-c ${{ github.workspace }}/.github/workflows/requirements.txt" 
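Review bot: The new `docker run --rm --network host aerospike/aerospike-tools asadm …` step pulls an untagged image, so it resolves to whatever `latest` is at run time, while the action reference just above it is pinned to a commit SHA. That container runs on the host network with the server's admin credentials, in workflows that this diff also grants `id-token: write`, so it deserves the same pinning: `docker run --rm --network host aerospike/aerospike-tools@sha256:<digest> asadm …` (the digest is a placeholder). The pinned `setup-aerospike-server@48edf9ff…` line would also benefit from a trailing version comment, as the removed `docker/login-action` line had (`# v3.6.0`), so that updates stay reviewable. The same untagged image is used by the existing `asinfo` call in the last hunk of this file.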
@@ -89,19 +69,21 @@ runs: working-directory: test shell: bash - - run: echo SUPERUSER_NAME_AND_PASSWORD="superuser" >> $GITHUB_ENV - shell: bash - - name: Set credentials in config file run: | crudini --existing=param --set config.conf enterprise-edition user ${{ env.SUPERUSER_NAME_AND_PASSWORD }} crudini --existing=param --set config.conf enterprise-edition password ${{ env.SUPERUSER_NAME_AND_PASSWORD }} crudini --set config.conf tls enable true # Cannot use abs path because config.conf is copied into Docker container during cibuildwheel tests - crudini --set config.conf tls cafile ../.github/workflows/docker-setup/${{ env.CA_CERT_FILE_NAME }} - crudini --set config.conf tls keyfile ../.github/workflows/docker-setup/client.pem - crudini --set config.conf tls certfile ../.github/workflows/docker-setup/client.cer + tls_cert_dir=${{ steps.setup-as-server.outputs.tls-cert-dir }} + if [[ "${{ inputs.where-is-client-connecting-from }}" == "separate-docker-container" ]]; then + tls_cert_dir="/host${tls_cert_dir}" + fi + + crudini --set config.conf tls cafile $tls_cert_dir/ca.crt + crudini --set config.conf tls keyfile $tls_cert_dir/client.key + crudini --set config.conf tls certfile $tls_cert_dir/client.crt working-directory: test shell: bash @@ -121,7 +103,10 @@ runs: - name: Set IP address to Docker container for the server if: ${{ inputs.where-is-client-connecting-from == 'separate-docker-container' }} - run: echo SERVER_IP=$(docker container inspect -f '{{ .NetworkSettings.Networks.bridge.IPAddress }}' ${{ steps.get-container-name.outputs.container-name }}) >> $GITHUB_ENV + run: | + server_container_network_name=${{ steps.setup-as-server.outputs.network-name }} + # Go templating doesn't support selecting names with hyphens + echo SERVER_IP=$(docker container inspect -f json ${{ steps.setup-as-server.outputs.container-names }} | jq -r ".[].NetworkSettings.Networks.\"${server_container_network_name}\".IPAddress") >> $GITHUB_ENV shell: bash - name: Invalid input 
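Review bot: The rewritten `Set credentials in config file` script splices `${{ steps.setup-as-server.outputs.tls-cert-dir }}` and `${{ inputs.where-is-client-connecting-from }}` straight into bash and then uses `$tls_cert_dir` unquoted, so a value containing spaces or shell metacharacters changes the script rather than the path. Passing both through the step's `env:` and quoting them keeps them as data: `tls_cert_dir="$TLS_CERT_DIR"`, `if [[ "$CLIENT_LOCATION" == "separate-docker-container" ]]; then`, and `crudini --set config.conf tls cafile "$tls_cert_dir/ca.crt"`. The same inline-expression pattern appears in the `SERVER_IP` step in the next hunk and in the `CIBW_CONTAINER_ENGINE` and `docker logs` steps added to build-wheels.yml. Separately, the key pairs under `docker-setup/` that this replaces are deleted later in the diff but remain in git history, so that CA should be treated as permanently untrusted.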
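Review bot: The `SERVER_IP` step builds its jq filter by interpolating `${server_container_network_name}` into the program text and iterates `.[]` over an output named `container-names`, so a network name containing a quote breaks the filter, and more than one container would write several lines into `$GITHUB_ENV`. Passing the name as data and selecting one element avoids both: `jq -r --arg net "$server_container_network_name" '.[0].NetworkSettings.Networks[$net].IPAddress'`. With `num-nodes: 1` the output presumably holds a single name, but the shared action's output format is not visible in this diff.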
@@ -134,6 +119,6 @@ runs: - name: Set EE server's IP address and TLS name for test config run: | cluster_name=$(docker run --rm --network host aerospike/aerospike-tools asinfo -U admin -P admin -v "get-config:context=service" -l | grep -i cluster-name | cut -d = -f 2) - crudini --existing=param --set config.conf enterprise-edition hosts "${{ env.SERVER_IP }}:${{ env.TLS_PORT }}|${cluster_name}" + crudini --existing=param --set config.conf enterprise-edition hosts "${{ env.SERVER_IP }}:${{ steps.setup-as-server.outputs.tls-service-ports }}|${cluster_name}" working-directory: test shell: bash diff --git a/.github/workflows/build-and-run-stage-tests.yml b/.github/workflows/build-and-run-stage-tests.yml index 7b926e8f11..53ed12eb01 100644 --- a/.github/workflows/build-and-run-stage-tests.yml +++ b/.github/workflows/build-and-run-stage-tests.yml @@ -1,6 +1,12 @@ name: Build artifacts and run stage tests run-name: Build artifacts and run stage tests (registry-name=${{ inputs.registry-name }}, server-tag=${{ inputs.server-tag }}, test-macos-x86=${{ inputs.test-macos-x86 }}) +permissions: + contents: read + id-token: write + statuses: write + packages: read + on: workflow_dispatch: inputs: @@ -17,7 +23,6 @@ on: server-tag: type: string required: true - default: 'latest' description: 'Server docker image tag' test-macos-x86: required: true diff --git a/.github/workflows/build-artifacts.yml b/.github/workflows/build-artifacts.yml index 3bddc6cecc..a4bb898485 100644 --- a/.github/workflows/build-artifacts.yml +++ b/.github/workflows/build-artifacts.yml @@ -5,6 +5,12 @@ run-name: Build artifacts (run_tests=${{ inputs.run_tests }}, registry-name=${{ # Optionally run tests on manylinux wheels # Then upload artifacts to Github +permissions: + id-token: write + statuses: write + packages: read + contents: read + on: workflow_dispatch: inputs: 
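Review bot: The new top-level `permissions:` block in build-and-run-stage-tests.yml grants `id-token: write` and `statuses: write` to every job in the workflow, although in this diff only the jobs that reach `./.github/actions/run-ee-server` need an OIDC token and nothing visible uses the statuses scope. Declaring the block at job level, on the jobs that start the server or call a reusable workflow that does, keeps unrelated build and upload jobs from being able to request a JFrog-bound token. The same workflow-wide grant is added in build-artifacts.yml, build-wheels.yml and smoke-tests.yml. If `statuses: write` or `packages: read` is needed by a called workflow, a short comment such as `# statuses: write is needed by <consumer>` next to the key would make the grant auditable.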
@@ -36,8 +42,7 @@ on: default: 'aerospike/aerospike-server-enterprise' server-tag: type: string - required: true - default: 'latest' + required: false description: 'Server docker image tag (e.g to test a client backport version)' test-file: required: false @@ -84,16 +89,11 @@ on: server-tag: type: string required: false - default: 'latest' test-file: required: false type: string default: '' secrets: - DOCKER_HUB_BOT_USERNAME: - required: true - DOCKER_HUB_BOT_PW: - required: true MAC_M1_SELF_HOSTED_RUNNER_PW: required: true diff --git a/.github/workflows/build-wheels.yml b/.github/workflows/build-wheels.yml index 2446545620..4f63f3473d 100644 --- a/.github/workflows/build-wheels.yml +++ b/.github/workflows/build-wheels.yml @@ -3,6 +3,12 @@ run-name: 'Build wheels (python-tags=${{ inputs.python-tags }}, platform-tag=${{ # Build wheels on all (or select) Python versions supported by the Python client for a specific platform +permissions: + id-token: write + statuses: write + packages: read + contents: read + on: workflow_dispatch: inputs: @@ -67,8 +73,7 @@ on: description: Image name default: 'aerospike/aerospike-server-enterprise' server-tag: - required: true - default: 'latest' + required: false description: 'Server docker image tag' test-file: required: false @@ -116,18 +121,12 @@ on: server-tag: required: false type: string - default: 'latest' description: 'Server docker image tag' test-file: required: false type: string default: '' secrets: - # Just make all the secrets required to make things simpler... - DOCKER_HUB_BOT_USERNAME: - required: true - DOCKER_HUB_BOT_PW: - required: true QE_DOCKER_REGISTRY_USERNAME: required: true QE_DOCKER_REGISTRY_PASSWORD: 
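Review bot: `server-tag` becomes optional with no default in build-artifacts.yml, yet `run-ee-server` now declares it `required: true` with its own default removed, and composite actions do not enforce `required`, so an omitted tag reaches `setup-aerospike-server` as an empty string. Which image that resolves to is decided by the shared action, which is not visible in this diff. Either keep `required: true` on the dispatch inputs or add a guard step to the composite action, for example a step with `if: ${{ inputs.server-tag == '' }}` and `run: echo "server-tag is required" && exit 1`. The same change is made to `server-tag` under both `workflow_dispatch` and `workflow_call` in build-wheels.yml.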
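Review bot: After the `secrets:` hunk in build-wheels.yml, `QE_DOCKER_REGISTRY_USERNAME` and `QE_DOCKER_REGISTRY_PASSWORD` remain `required: true`, but the only references to them visible in this diff, the `REGISTRY_USERNAME` and `REGISTRY_PASSWORD` env entries, are removed in the next hunk. If nothing else in the file reads them, drop them from `workflow_call.secrets` and retire the stored credentials, so callers stop forwarding registry passwords that the OIDC flow no longer needs. The rest of the `secrets:` map lies outside the hunk, so this needs checking against the full file.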
@@ -141,8 +140,6 @@ env: # Github mac m1 and windows runners don't support Docker / nested virtualization # so we need to use self-hosted runners to test wheels for these platforms RUN_INTEGRATION_TESTS_IN_CIBW: ${{ inputs.run_tests && (startsWith(inputs.platform-tag, 'manylinux') || inputs.platform-tag == 'macosx_x86_64') }} - REGISTRY_USERNAME: ${{ inputs.registry-name == 'docker.io' && secrets.DOCKER_HUB_BOT_USERNAME || secrets.QE_DOCKER_REGISTRY_USERNAME }} - REGISTRY_PASSWORD: ${{ inputs.registry-name == 'docker.io' && secrets.DOCKER_HUB_BOT_PW || secrets.QE_DOCKER_REGISTRY_PASSWORD }} jobs: # Maps don't exist in Github Actions, so we have to store the map using a script and fetch it in a job @@ -224,11 +221,11 @@ jobs: - name: 'Run Aerospike server in Docker container and configure tests accordingly' if: ${{ env.RUN_INTEGRATION_TESTS_IN_CIBW == 'true' }} uses: ./.github/actions/run-ee-server + id: run-ee-server with: - registry-name: ${{ inputs.registry-name }} - registry-username: ${{ env.REGISTRY_USERNAME }} - registry-password: ${{ env.REGISTRY_PASSWORD }} - image-name: ${{ inputs.image-name }} + oidc-provider-name: ${{ vars.OIDC_PROVIDER_NAME }} + oidc-audience: ${{ vars.OIDC_AUDIENCE }} + features-content: ${{ secrets.FEATURES_CONTENT }} server-tag: ${{ inputs.server-tag }} where-is-client-connecting-from: ${{ inputs.platform-tag == 'macosx_x86_64' && 'docker-host' || 'separate-docker-container' }} @@ -303,6 +300,11 @@ jobs: # Just do it for all Python versions (even those that don't require more room) for futureproofing run: echo CIBW_ENVIRONMENT_MACOS="LDFLAGS='-headerpad_max_install_names'" >> $GITHUB_ENV + - if: ${{ env.RUN_INTEGRATION_TESTS_IN_CIBW == 'true' }} + run: | + echo CIBW_CONTAINER_ENGINE="docker;create_args: --network ${{ steps.run-ee-server.outputs.container-network }}" >> $GITHUB_ENV + shell: bash + - name: Build wheel uses: pypa/cibuildwheel@298ed2fb2c105540f5ed055e8a6ad78d82dd3a7e # v3.3.1 id: cibuildwheel 
@@ -342,10 +344,9 @@ jobs: # uses: mxschmitt/action-tmate@v3 # For debugging - - run: | - # Checks that server started up properly - docker logs aerospike - if: ${{ always() && env.RUN_INTEGRATION_TESTS_IN_CIBW == 'true' }} + # Checks that server started up properly + - if: ${{ !cancelled() && env.RUN_INTEGRATION_TESTS_IN_CIBW == 'true' }} + run: docker logs ${{ steps.run-ee-server.outputs.container-name }} shell: bash - name: Upload wheels to GitHub @@ -403,10 +404,9 @@ jobs: - uses: ./.github/actions/run-ee-server with: - registry-name: ${{ inputs.registry-name }} - registry-username: ${{ env.REGISTRY_USERNAME }} - registry-password: ${{ env.REGISTRY_PASSWORD }} - image-name: ${{ inputs.image-name }} + oidc-provider-name: ${{ vars.OIDC_PROVIDER_NAME }} + oidc-audience: ${{ vars.OIDC_AUDIENCE }} + features-content: ${{ secrets.FEATURES_CONTENT }} server-tag: ${{ inputs.server-tag }} where-is-client-connecting-from: ${{ inputs.platform-tag == 'win_amd64' && 'remote-connection' || 'docker-host' }} diff --git a/.github/workflows/bump-stage-and-upload-to-jfrog.yml b/.github/workflows/bump-stage-and-upload-to-jfrog.yml index 922c94de93..7d54364bdb 100644 --- a/.github/workflows/bump-stage-and-upload-to-jfrog.yml +++ b/.github/workflows/bump-stage-and-upload-to-jfrog.yml @@ -1,6 +1,11 @@ on: workflow_call: inputs: + dry-run: + required: false + default: false + type: boolean + description: "Don't tag or upload anything to JFrog" passed-dev-tag: type: string description: Dev tag to fast forward the stage branch to @@ -31,6 +36,7 @@ jobs: with: change: 'promote-dev-build-to-rc' ref: ${{ vars.STAGE_BRANCH_NAME }} + dry-run: ${{ inputs.dry-run }} secrets: inherit rebuild-artifacts-with-rc-version: @@ -50,6 +56,7 @@ jobs: uses: ./.github/workflows/upload-to-jfrog.yml with: version: ${{ needs.promote-dev-build-to-rc.outputs.new_version }} + dry-run: ${{ inputs.dry-run }} secrets: inherit # See reason for deleting artifacts in dev-workflow-p2.yml 
diff --git a/.github/workflows/bump-version.yml b/.github/workflows/bump-version.yml index 30d88b6881..f9a273d067 100644 --- a/.github/workflows/bump-version.yml +++ b/.github/workflows/bump-version.yml @@ -5,6 +5,11 @@ name: Bump version on: workflow_dispatch: inputs: + dry-run: + required: false + default: false + type: boolean + description: "Don't tag" change: type: choice description: Python script name to update the version @@ -15,6 +20,11 @@ on: - promote-rc-build-to-release workflow_call: inputs: + dry-run: + required: false + default: false + type: boolean + description: "Don't tag" change: # Since workflow_call doesn't support 'options' input type, # we take in a string instead that must be a valid Python script name (excluding the .py part) @@ -93,4 +103,5 @@ jobs: with: new_version: ${{ needs.get-new-version.outputs.new_version }} ref: ${{ inputs.is_workflow_call && inputs.ref || github.ref }} + dry-run: ${{ inputs.dry-run }} secrets: inherit diff --git a/.github/workflows/dev-to-stage.yml b/.github/workflows/dev-to-stage.yml index 6874d6eba3..a008df6861 100644 --- a/.github/workflows/dev-to-stage.yml +++ b/.github/workflows/dev-to-stage.yml @@ -3,6 +3,25 @@ name: Dev to stage on: # This workflow manipulates the stage and dev branches regardless of the branch this workflow is run from workflow_dispatch: + inputs: + registry-name: + required: true + default: docker.io + description: 'Docker registry' + server-tag: + required: true + default: 'latest' + description: 'Server docker image tag' + # For debugging + dry-run: + required: false + default: false + type: boolean + description: "Don't tag or upload anything to JFrog" + test-file: + required: false + default: '' + description: 'new_tests/' jobs: # We want to skip the stage tests if the changes made between dev and stage wouldn't affect the results of the stage tests 
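Review bot: The new `server-tag` dispatch input in dev-to-stage.yml defaults to `'latest'`, while the comment added to smoke-tests.yml in this same diff says the JFrog repository's `latest` tag is not kept up to date and currently points to an old nightly build. Since `run-ee-server` now pulls through JFrog, a default dispatch would gate promotion to stage on that stale server image; consider dropping the default or reusing the value smoke-tests.yml falls back to. `registry-name` (default `docker.io`) is also forwarded to the stage tests, but `run-ee-server` no longer has a registry input, so it may now be a no-op that misleads whoever dispatches the workflow. A `description` that says which registry is actually used, or removal of the input, would settle that.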
@@ -46,6 +65,9 @@ jobs: with: use_jfrog_builds: true jfrog-build-version-to-test: ${{ needs.compare-latest-dev-tag-and-stage.outputs.latest-dev-tag }} + registry-name: ${{ inputs.registry-name }} + server-tag: ${{ inputs.server-tag }} + test-file: ${{ inputs.test-file }} # Stage tests have passed or skipped # so it is safe to update the stage branch with the changes in dev, promote the version to an RC, and rebuild and upload the RC to JFrog @@ -62,4 +84,5 @@ jobs: uses: ./.github/workflows/bump-stage-and-upload-to-jfrog.yml with: passed-dev-tag: ${{ needs.compare-latest-dev-tag-and-stage.outputs.latest-dev-tag }} + dry-run: ${{ inputs.dry-run }} secrets: inherit diff --git a/.github/workflows/docker-setup/ca.cer b/.github/workflows/docker-setup/ca.cer deleted file mode 100644 index 6d09507328..0000000000 --- a/.github/workflows/docker-setup/ca.cer +++ /dev/null 
@@ -1,23 +0,0 @@ ------BEGIN CERTIFICATE----- -MIID2TCCAsGgAwIBAgIUS2sz3DHfTxANPRz3JwdN5V3IQsIwDQYJKoZIhvcNAQEL -BQAwezELMAkGA1UEBhMCWFgxEjAQBgNVBAgMCVN0YXRlTmFtZTERMA8GA1UEBwwI -Q2l0eU5hbWUxFDASBgNVBAoMC0NvbXBhbnlOYW1lMRswGQYDVQQLDBJDb21wYW55 -U2VjdGlvbk5hbWUxEjAQBgNVBAMMCW15ZHVtbXljYTAgFw0yNTAzMDUyMzUwMzVa -GA85OTk5MTIzMTIzNTk1OVowezELMAkGA1UEBhMCWFgxEjAQBgNVBAgMCVN0YXRl -TmFtZTERMA8GA1UEBwwIQ2l0eU5hbWUxFDASBgNVBAoMC0NvbXBhbnlOYW1lMRsw -GQYDVQQLDBJDb21wYW55U2VjdGlvbk5hbWUxEjAQBgNVBAMMCW15ZHVtbXljYTCC -ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALM9cBS9RwQvxP4jUrE3ig+v -QDrUtzKDUZqaVVWbMx70jiT1bE4umiWlEFSqlwIvORd4rbY/LfDvZq5HN59cOByC -ecW0kciAO1qFg9ds3DM7pQd9thk/X4RM2zQUyH0/aLqdRX6HGpzPCoQohwRF08Yd -NvJsIw0iSs7cYkf8h4KKlVBhgsnrqHqFfgnT4MF5amzpE5tDkiMvJIZoB74lh29T -JRkofqPNXrJExjH0KGbNrkaqnOAVM8bg9rsk9NUkMnWDvo40SRtNRbDqMfpF4JyG -GnqRu6EdKvSFjgA1u0ZgKqSOMAL7U9zA0oa02b5vtFXpBLsvODJwfst8dfCo0WUC -AwEAAaNTMFEwHQYDVR0OBBYEFFwbutYrFTa4cnP1kQzBK1mLihjkMB8GA1UdIwQY -MBaAFFwbutYrFTa4cnP1kQzBK1mLihjkMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI -hvcNAQELBQADggEBADKvC0am4yS3jTBZNwyRkfPTvQ9/zp5imndlNr1HG+PVp4Yv -ZchMrqarFRd6aKzasJcm8bsVmXYSUd7JPkgVO5LiLuyLNwkEaL6+24pUeyFJAOF0 -AdOP2v2GddDPxIswQ/Rx2U2Yp2I2XFwuo0NEyMLPfambglknBBQji0vhsdxBeYxJ -NtxBHUb30ElPz6PwypH5QVnB2jrKLqtlwu8fP5evWs70JYgYEnBb72B1mvLeCvCr -ZusKJaqM04ezUM6NnGMrv7PrBjEcMg9MtA2Y8/1XNsaHp/9Fnpbd6uY4XDXsTxyW -BH6y+iVSBhJScZF0yEtXZgWtaNd/oMjt2978bnk= ------END CERTIFICATE----- diff --git a/.github/workflows/docker-setup/ca.pem b/.github/workflows/docker-setup/ca.pem deleted file mode 100644 index d844b0f64d..0000000000 --- a/.github/workflows/docker-setup/ca.pem +++ /dev/null 
@@ -1,28 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCzPXAUvUcEL8T+ -I1KxN4oPr0A61Lcyg1GamlVVmzMe9I4k9WxOLpolpRBUqpcCLzkXeK22Py3w72au -RzefXDgcgnnFtJHIgDtahYPXbNwzO6UHfbYZP1+ETNs0FMh9P2i6nUV+hxqczwqE -KIcERdPGHTbybCMNIkrO3GJH/IeCipVQYYLJ66h6hX4J0+DBeWps6RObQ5IjLySG -aAe+JYdvUyUZKH6jzV6yRMYx9Chmza5GqpzgFTPG4Pa7JPTVJDJ1g76ONEkbTUWw -6jH6ReCchhp6kbuhHSr0hY4ANbtGYCqkjjAC+1PcwNKGtNm+b7RV6QS7LzgycH7L -fHXwqNFlAgMBAAECggEAATa/eBHSFc1XBFuWjJxc2H9Y1tfS8nTLjC79uJ8ySO7i -DuOvReubNU8OsxbBVWKe0dxfh3ZFEuEkLQukF6BcbEEBScf6cW+rjJDj6YUTYVtx -jNaanEV+xEVwT0QmxBu2U1vg+RrkIL9m3v9BRCj5kVloTQWoynF61+IhM5iaYwAX -XLhdK9Vcc7hmKyTpWckO3MNUUMCScLBlIJBMQJE20raunJZqWD6NZiiKoOOydMoR -Td5qRpNan+vWT0UsLspQCZ9DXrx9EYHDzxwQj1ztfU4EXxpLkQowp6snKhVqyy53 -qJywx/6J6Vj4tkj6PUXtQNF5G1qg/I4UFvFzic7ZUQKBgQDcYZ9o1fUwti+87lYd -3kIb5v4ma5uZSrgZNYI+wrp1xg+dqOpoAzA8rsuZvrL/wPkafRZ8L1OJH0wo0FRB -JLMsclitY1YxiliiWKXX57BvnSaEiSmRIxdf/tMutdH4Bs8xnRhT7qFXgjowK+9G -T7OfKRQFQRlDn8lkeckdbpYVWQKBgQDQNZLFVsSaU9mdnBHnZn00q67lEGHH3B3w -hNopxNWljdz17loys7UVTHjQ4EXcthAgFLk/XKmEnqm5YRFtDbE+MPIpTATA9CoA -YILWB1fn4AfPvtdjsKHlMHK7ohyA3DURBC7Ijd7McwLNd09RudBykgZbYgNNMmMN -zzm/y/e+7QKBgGFGthaQWqolwOykR17nvEaUr5pF5WjEkn6OH++UBLn3suzkopNG -1QP0I+q5Qkmh5FLM5B/sw/LC3dsmGgqnKG92Ca5/KoyzhGwktQ+YNUkPFPFrme12 -j9rPoGf92bChUNOVhCeILa9yzDx3KCbhB2g5uZyYH465+StglmVnatgBAoGAPO2Q -d6L+gVLMOaz0KEz7krAyy+FRW9T0BfA6j0KEap/q6yTGzFN+SC9Ko4UdrIqyiVDH -LN2G1cJAVHktSkZZeaOFGcSfF3/b0qRrZQpdFQOgBZEJIqkLly/oQzQbNzI5bTNW -JWYurpFxXoLteTLw5rYImjFCWhLGncHoWlHru7kCgYBUV5JQqDsYRqsUkMCu+L1e -ESxnV7QhrBBnFqczbIyfvShwFtMW0oH1gvfcVNbOOmnlsZe2/Ru9DpixlfKhE1je -fB2ePPoYssyWF4h02juBU4yKRojYyGMYaN2ba+fVHzOsTFrhWnQE1nC6C3Hqf7Nh -GTsIT5fcyPAnx9OxPy/j1Q== ------END PRIVATE KEY----- diff --git a/.github/workflows/docker-setup/client.cer b/.github/workflows/docker-setup/client.cer deleted file mode 100644 index b3ebc6d7b8..0000000000 --- a/.github/workflows/docker-setup/client.cer +++ /dev/null 
@@ -1,28 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIEyDCCA7CgAwIBAgIUIETHVXivRIYcjdTxPSoh3RtC4ogwDQYJKoZIhvcNAQEL -BQAwezELMAkGA1UEBhMCWFgxEjAQBgNVBAgMCVN0YXRlTmFtZTERMA8GA1UEBwwI -Q2l0eU5hbWUxFDASBgNVBAoMC0NvbXBhbnlOYW1lMRswGQYDVQQLDBJDb21wYW55 -U2VjdGlvbk5hbWUxEjAQBgNVBAMMCW15ZHVtbXljYTAgFw0yNTA2MTYxNjEwNTNa -GA85OTk5MTIzMTIzNTk1OVowezELMAkGA1UEBhMCWFgxEjAQBgNVBAgMCVN0YXRl -TmFtZTERMA8GA1UEBwwIQ2l0eU5hbWUxFDASBgNVBAoMC0NvbXBhbnlOYW1lMRsw -GQYDVQQLDBJDb21wYW55U2VjdGlvbk5hbWUxEjAQBgNVBAMMCXN1cGVydXNlcjCC -AiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALfGbEi8S6LpivbttTJSrFEb -TN7rjk7hjbxlF9BTWKmVjhdrOxQQmVEJMy6PMgR0HgWtn3aGW6LONYhpx01K2l9w -ZjB3BoJzNSXK3pRliIJofTUOhCdkwfHDwECWvPgaVmFgtxIexXMX2Kj/70fdncGk -ucjeYQFolFfRcKCKPV5E4UceH2blU427e/PH3vFE8VRmYAIK/yTy31e1ES1IbG3H -zcGDREWvA1RAqWcPeII65/vb++2xb8mW0JVQlE1mXIuLMtt3p7QVbK84ApgqxKxj -2qjcq4O4RMmMgmUXU1k5/PLkgPwct3JmzZzkbv8fXe5LuYokUMIlpsJH0gNfPjCo -sSZO34g1uf9HX/gszxA//27/O4yEgw9056+/bIAkMlLxP2VIyJB1WMjS6npv0A9D -D+mDhdub2Y7fjxlz9geR3xrceRZWh8kn0QSgfio3kEVQEQXwi27AVoJB8Xg3GUYN -F0eLsV57wrKFm/a2HmvVUzxL/aJOznaa8jsPNVGE845es4PMIYEHesTjeTn7umos -/XILme0iRqzB1KsCbjrUbar2JOo0gFYWtpUOOEG2VXvVdpBYTDZ48XyFqUeybhUV -XH3uQ7nemssYgdCqYpjHSS7jTEQrkkbofGd058XsmAon+bOexEJxZ0Fr4KlgRiUb -SUUpTBqyiSKItzUzO1ehAgMBAAGjQjBAMB0GA1UdDgQWBBRwXiTq3ZMAkXifcUKi -X9mkalOtWDAfBgNVHSMEGDAWgBRcG7rWKxU2uHJz9ZEMwStZi4oY5DANBgkqhkiG -9w0BAQsFAAOCAQEApptwoi388Qtypv3/ArFEmGfaiL5Dne0NbT003NHyRpI6WkZf -qnrZlrs8e46hqaqiEE8B8bIYX7ANZW8ZUCz+NAqvsY9QFlDytOVK3B/shEDCWAz6 -28edGAjeBXgJBX1yVQWQO882vux7Cgwut/ziBYQX9A5WNDkhj6PsvsGXqCq20C0B -E8xa5BitGNaVwSXqdSUipt3DofCZQzTRYBXgvQXPrzVOWpye/5ls/xux9oIVwIiO -P5WSNTj0J1vFUGlj8YSWLah9Lo52W94T00oQeRt5yAdkIaYzufwYYVzbcmlH5v23 -iRtOk9ZTxN/1VdT+3KGjj92ukH2McLrR1A1fWg== ------END CERTIFICATE----- diff --git a/.github/workflows/docker-setup/client.pem b/.github/workflows/docker-setup/client.pem deleted file mode 100644 index a3c2b51e37..0000000000 --- a/.github/workflows/docker-setup/client.pem +++ /dev/null 
@@ -1,52 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQC3xmxIvEui6Yr2 -7bUyUqxRG0ze645O4Y28ZRfQU1iplY4XazsUEJlRCTMujzIEdB4FrZ92hluizjWI -acdNStpfcGYwdwaCczUlyt6UZYiCaH01DoQnZMHxw8BAlrz4GlZhYLcSHsVzF9io -/+9H3Z3BpLnI3mEBaJRX0XCgij1eROFHHh9m5VONu3vzx97xRPFUZmACCv8k8t9X -tREtSGxtx83Bg0RFrwNUQKlnD3iCOuf72/vtsW/JltCVUJRNZlyLizLbd6e0FWyv -OAKYKsSsY9qo3KuDuETJjIJlF1NZOfzy5ID8HLdyZs2c5G7/H13uS7mKJFDCJabC -R9IDXz4wqLEmTt+INbn/R1/4LM8QP/9u/zuMhIMPdOevv2yAJDJS8T9lSMiQdVjI -0up6b9APQw/pg4Xbm9mO348Zc/YHkd8a3HkWVofJJ9EEoH4qN5BFUBEF8ItuwFaC -QfF4NxlGDRdHi7Fee8KyhZv2th5r1VM8S/2iTs52mvI7DzVRhPOOXrODzCGBB3rE -43k5+7pqLP1yC5ntIkaswdSrAm461G2q9iTqNIBWFraVDjhBtlV71XaQWEw2ePF8 -halHsm4VFVx97kO53prLGIHQqmKYx0ku40xEK5JG6HxndOfF7JgKJ/mznsRCcWdB -a+CpYEYlG0lFKUwasokiiLc1MztXoQIDAQABAoICAAD6rtBG55Nv8Y3TXQODrFfM -y1CwmjbPox2UP3zx0BTBlMr0Ecck4lTrwCubofljLyyaJ5xo3B4OlvtZzpuZ84wD -ZBoBQltpgX3zb32Z2mZmfTdOMzRSCD9cFYnKkSnJxc4kRv7ILka+GL6SyYu9RwZK -1PNt7ZVQNo0kEwNvT83RKbmjKT6XPXtxeq2P0goV/dVfK8cLAl/IJwTsvzFkc8Z0 -ec38ikg28I+5/fpsJc5c1xMGRwNV2RSECBW+7YwJiKKfjIxzPg/6tr7qxPHFCudS -a2N6XzQXGY+7iXoq1lv7pVOb1decuroCc/lFwCp+GGt+WLgJ7ZURQLWY5B9g5NVj -eLToZFjhNUm6vWJkRWkZkR69qRveDsRj73gR9Rd8OQLjPgjP96gCiubzODZC45Eh -/OTj6IGJ9e6JSq814SJ4ICPmoxLi2bSaWhKzrTbblvPcNAdwsjJ/dYyR8gCxM7cU -HalGfWAovDsQjzqioyn2gTbgKNqYgkmHm954T82TqbnAGVeXkAbgtrDRtRBKqU// -WFhZ6ODcAYpql2Xbt4AJe8xog8xNFpDqdDz50szDDeidYyYINQc/WTOYuAWOG/aP -zAJvJmQMkl/v+7+ga1rVKPzDQL/fSwx2RPNZpcsVln5LSCTD3NGiKuO2Sut1sd7s -yVu8gl7ZeRWF+yfLnoFhAoIBAQDsvNhXNZXfcwZZVZTAJD422+BzvBON26mawNr/ -/Jb4JwMquJqGaY+yAaf3YXFM/HdZvEDOAbq7gIRX+Zkw+5P5Ur8qbgDyKYDDV57t -BAoGh7aixuoBC0QYoW780S2zjBWoanbaRr+xHJyEPmdYgiGR9rTr0Av425PyjAnr -Zp6SsT68T6plq4L7ByBc4F9fcBEWbVZzEwdadBpuhMym/I1F1YLO7fvmN6M/oK9H -Ni+KpXzk0xAF3w4/l5L+vdzoNQbkul3JV8tZIGe8a7lK4xlpJXwhKcDDQm55LT44 -BHGgsjBU8GWcoQuzGOpMiNJponu2x13iuItVCNVE1pcwAutxAoIBAQDGumM3OZXO -KqwOu3RipAMELpo4paoE8SwYYkSgxfAW0Vjvumdstu3NJhP4SCQYOygTVmAQhoTn 
-8czgzDS8yMYPiJTq2HP8O71ekndTcWz5LtY4z1WIGIGn01rPqB3jznjwpBkQ+T/O -XUpca2Bc3zPPlkk3gbxP/JIIic+hBrWJexjfgR/Q2sY/1vuAe3hdWhWmm5IzGd4T -hqG+4DtgCbrDtgSNVDS8KTvposM/H7LLAkCjxua5Udo1yMVUAWw4oXTA8CbuOJtv -Y3jv4XkGgK/0T0/7ZfUJAeuwhsHsPCM8egVdDhizyddcRPWkHlI4plKubuMwI4/3 -/J+wjHISBzcxAoIBAFURrzP3X3nCHZ/wbtl0rJ6N+GPeS7CIJLQlZQzjuWRGsI6j -c3OlbytqCO+OJmahukmWqjrcyDskfWoXmQLPBGdtYqBekxxx6YFIdSV6dBfQoMJx -dBkX8UpgiD9081U3m3i/eSIKlkuQmnWy7vQRHvsSigTK5+JvFQTtaYsbfxP7eS21 -+uc58IFAGFMHlX34CUvj0lLbnaLVYcIhGmFPE3zqsmylfAVILPNqTFHsmLzbprub -VICnnLkhQIMlusH+fBGpHpaBY+MND/nXQ+gzHyh3fdl05X3E22nT5i2++w3huhhr -ojfcbxXWeCs0Z1fqOUZ+8a/M3NSbrfdknUN1aSECggEAFfHdJOsJ/OM/br0KhB4C -a0LOKvU4SiVrriGj3HEfKxXhEU/vPdURe3b5+4/T1I0rxr7iCtEf+hD8g9Jo/HPb -UznM4AYZAMCED95yqNc8pmOiqlFS651xK9wuCgJRkqdpOYGVdwdfIWWx4XTGBltr -eD/rQ+LirZ6BbcnyEKESCOV8AKpcng6al9Ago7Z+uyhIfcZuJZB0solKcS6Hv/oz -EouWAxlKXYDcKdecYesZLkvIYY2ESvCb/RZ3m+gwUCycHPYoBmRf3bQJVcv7Nlmd -lIfxmBxRK7Z3lV28Kl8VsQb0cqss1SWzz2+aBI6Im9LaDIMYOWej7UmLRM6thgof -8QKCAQEAoTd/lynH1+DnoDNRWLvXTkyTiZ8T9DJT632K94J2cHcXJ+uhdhDGrLPq -5kahYb8Ji/O+i/ti75D6rF8FkJoYwNbmwDzftD98pdoX+vEZRhLWi6BeU8vEvVWK -Wq/6U7n7RFNJBRmr4TLNHoIdDnfuIpxjbCdAG4Hd/kL7ULs30SuXTb+tYKZzw+4G -XpONoWCP17Or9ZV4/PftYdk3XJaEc4nLEIfL2BZErpNSV8Jm62Xj8JCsheAPDN1L -2kWSf4wYySstpc+qvejdn0kWiaVB6A6sqXrHMWUE5pdWLECURC2l/Wd/9e13ll12 -bTJcNI/1lR7ZONcgBG7vh43FD3Yk8w== ------END PRIVATE KEY----- diff --git a/.github/workflows/docker-setup/server.cer b/.github/workflows/docker-setup/server.cer deleted file mode 100644 index 504882b3e4..0000000000 --- a/.github/workflows/docker-setup/server.cer +++ /dev/null 
@@ -1,28 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIExTCCA62gAwIBAgIUVrnirMWwziBzL5bjtlhX3KDwPwgwDQYJKoZIhvcNAQEL -BQAwezELMAkGA1UEBhMCWFgxEjAQBgNVBAgMCVN0YXRlTmFtZTERMA8GA1UEBwwI -Q2l0eU5hbWUxFDASBgNVBAoMC0NvbXBhbnlOYW1lMRswGQYDVQQLDBJDb21wYW55 -U2VjdGlvbk5hbWUxEjAQBgNVBAMMCW15ZHVtbXljYTAgFw0yNTEyMDQxNzUwMDZa -GA85OTk5MTIzMTIzNTk1OVoweDELMAkGA1UEBhMCWFgxEjAQBgNVBAgMCVN0YXRl -TmFtZTERMA8GA1UEBwwIQ2l0eU5hbWUxFDASBgNVBAoMC0NvbXBhbnlOYW1lMRsw -GQYDVQQLDBJDb21wYW55U2VjdGlvbk5hbWUxDzANBgNVBAMMBmRvY2tlcjCCAiIw -DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALmq454JVsP6T+OEcChKXu9zYODm -2m7WU5KKGgom4FgK44kGPNB6gbfUBOeFMbvoviEKb5ygfkwJpDECGbwGXuLMQjIk -wtZvJogAivk7TdRbP8sglKjnjTgG7SqUjmNykkMyk+9WSOcUGODhj9YRK9Qb2h9/ -eyI4iaZ1DQQgrSybPj5jw3d+sqRyUuvwiMbfOWe5n6CvRtDTqUII2gTGw5x86CEe -sCVdfkSn4FNjdBbnYz1UR41Pg4S8d3h9O+HLWNmOWej91ytga5pkuNcp2UmNKkNk -KLD3bFhnNKnvp3zgga17UsTiDefVxTiH9K197tQ+zr3b5bPs/UIYfA+InWzPyJlT -8cHmBQwVLPhWT+lMk1jZcc0Zwogf9Gd3USwuqAngW6C13b89Bk9dxdsw2xnydSGC -1CcOU6quQMai5BgOVhQqLLdYsjCQUFOa4Nqy7+pS4igYv19aIs3PpVJyKvEjf+jR -kFw7PvcQMyrNPVLo8JjqUUtw63pUY9RVCnkXUsixuLfhgLzEFUR9Qc/75tWoSQ4v -7UvNZdh+FPzVNJlWpCjqBos2sT5SuPcvif2L1Bs9rCdZsnhkQyCz7PpGfoeCtuD/ -ZaJuCp/P0WyiMaUbeCTqjLrFHvYqs5wg9rYEOfPACHYt+VL2qWVtiSx3Kc3M7LNb -a+lMwbxgzfpCsI9nAgMBAAGjQjBAMB0GA1UdDgQWBBQHLdxWoy+93fyw89lDXDkK -3Z4UUzAfBgNVHSMEGDAWgBRcG7rWKxU2uHJz9ZEMwStZi4oY5DANBgkqhkiG9w0B -AQsFAAOCAQEAoi+g+EmqtwFLMMvRNx/5TvdUhS57NRAxwYXDNtKrwXFMYBIXUgiu -fCltdVTh7toxL8S5of3icEYvd+zdZu3X5zKyBP67hujQ3zFem16x5U+Ux4/SWLxQ -LpwFlIw5bEmqsot/8nj8+RVfo8XcaVShSTQ4ie+wt0RqkUATwLkkEXGYyOyHzFtt -VxKhCVVwPnklT8bQ3LZOzzaiYs1lYoFBLSqnpkGyIB0vukXqaWkn4jOfg1u9hfKw -cKp9MK5Niko0eHf5lbFXudeYaKrrpzDFyeNx25CXyn/Yyx5Nhc/sd5teHUXYl3bU -k+l8/BV3MnOxCgxj9pjCz3grssKIJN9wuw== ------END CERTIFICATE----- diff --git a/.github/workflows/docker-setup/server.pem b/.github/workflows/docker-setup/server.pem deleted file mode 100644 index 0175740af5..0000000000 --- a/.github/workflows/docker-setup/server.pem +++ /dev/null 
@@ -1,52 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQC5quOeCVbD+k/j -hHAoSl7vc2Dg5tpu1lOSihoKJuBYCuOJBjzQeoG31ATnhTG76L4hCm+coH5MCaQx -Ahm8Bl7izEIyJMLWbyaIAIr5O03UWz/LIJSo5404Bu0qlI5jcpJDMpPvVkjnFBjg -4Y/WESvUG9off3siOImmdQ0EIK0smz4+Y8N3frKkclLr8IjG3zlnuZ+gr0bQ06lC -CNoExsOcfOghHrAlXX5Ep+BTY3QW52M9VEeNT4OEvHd4fTvhy1jZjlno/dcrYGua -ZLjXKdlJjSpDZCiw92xYZzSp76d84IGte1LE4g3n1cU4h/Stfe7UPs692+Wz7P1C -GHwPiJ1sz8iZU/HB5gUMFSz4Vk/pTJNY2XHNGcKIH/Rnd1EsLqgJ4Fugtd2/PQZP -XcXbMNsZ8nUhgtQnDlOqrkDGouQYDlYUKiy3WLIwkFBTmuDasu/qUuIoGL9fWiLN -z6VScirxI3/o0ZBcOz73EDMqzT1S6PCY6lFLcOt6VGPUVQp5F1LIsbi34YC8xBVE -fUHP++bVqEkOL+1LzWXYfhT81TSZVqQo6gaLNrE+Urj3L4n9i9QbPawnWbJ4ZEMg -s+z6Rn6Hgrbg/2Wibgqfz9FsojGlG3gk6oy6xR72KrOcIPa2BDnzwAh2LflS9qll -bYksdynNzOyzW2vpTMG8YM36QrCPZwIDAQABAoICAB3gCC15xeMATV0ysPQKuNPs -INPk0ZOxcP53XPvyiCQikbzkAA0bvpuxxfLq/7cDcEnTarotKPqwjSGa+5ZsVVWb -wFsJMetcieVVu7Ghf+3Xm6A3vIlLw5wW9o/kxN9DpD1OeiIHeZuVJEZV2oB7gC3q -fWKWxLLGSNU7/b2C9IU6RahhrSYhK5BCb7f/RZhFJZuHHCRi5RDdE13IxtarP6Et -MrzW5J5ejjQbPywBKMDhYpqPtnkKflhxawKRmX0aQfsKaMqQwyVQ/SokDYoG9dZb -8fJTaijE50N3ooW68PGrE7Kye/2qJ3VSdHWa4B1lJ3Tc1loTyWug3++EDmesIoha -EjQuNQ25n+FfCKUpBdXFzYrSNc8WNddHz0b1z0tadq4Pfj92m0mHngcS+zPQwHHt -1O9pqdH6Q2841Cmm2EclevYh874z6C7Fyr78zfpHC1SaJHX6R2Mt/+oleTUpjxwb -0OnnzdOIPZv0zd4uVtMQPjC3SOwPuem8fGexrckxzFDdAH8dXEBLzoSF+OI6AQW1 -YEMbaqpVRbVJwS9cA3I3hxBKUAIGOTxHu4fNBSPNgdF0eyO+dN3CukRvbBGfi3QZ -Tyip6LVu5ssPFgFVxqbQScnhakzQW1ao2PCUMGBWq72gPvmsUUuhXD3SpFOPInKX -q0nXetzXidasewMpT8iBAoIBAQD935Lix2icEie0OdW13SVl3SsTD2Crvk4rZwyY -myq9K3W5OhbQpn2ezLuXUDtQxaxiKXB4YpvWyox8GG1dx0z+kaqK5SZXzYiDMdkh -uO0Cp1OCrTnV/DZpSjvAXV5OfnZr/RPJaDhvT8kibtKIUQZ3svJhBxT50TPq8Tps -KkX+kQARpDI07j8E8yD1jp8/e/cXe6rcZZJ3AIEq2YZ7j46KNyznCqJTACUBmVgX -tl4++X4sW4o6zsc92RmuPAYCDwFntpIqSFAMV0+ywL0cyQMXUJp9BZpGtYkgS5Be -MC3++oHCOO+1tM1C/xtvG58a/zQg1zNM42qi5nVeZiM/KQFRAoIBAQC7OQylkmoF -3zRKLab43sZWbk5oeBQpRr07oqaVy6G4Y2p5gCTSNrPnhGlyDX4uYENM3jEwJ6fs 
-7M7rev09KvRaY7Sxt1zFDR3KiH9ndaJoYxt0asnYRS4NvYogztUpGuEPCs0ubClY -nHEIwAg3uYspg80uMstHR32CUbX0ZTIJ5UquWpixoxaWea/NSi7iui2uFH06iAFT -ar/KUc06y2Bv83qJsXRoKQ8xy7O7CV2ocu5aY0jkauvHWR6DTMgYGPKVyrDRQwOr -8pPYzqTxKamVcM1R4Yq59zCrYhaDFYd+TYz0WDOwa0z17Q1UoxFvcQYedbn+TLPy -r0SGhiUs0xc3AoIBAQDWnOvlPkGWvlpGJyYcychVpnRFdph4VzZpxoGFeJbWuCia -3xpuZHCJj/V9Ytvh2llx2ioz+thW6X99YIED5/mUsruDE1gonZ2rmrY9pcDmn2Ef -dSURWlb9Bz4fzk5s+MdPXvAdMTeUEdSsgRcFGcnn4qS3lW8MCOhk0mxbCBmHrDhs -sWuoB0fK/WV9cIX6+ubVOTwleNAqPYj0GlNvnNoYya/x2LGEjPi7s1AfK5Hclrks -8m2WbTtNc3wcKK3Di7/aVyKVD/BrnlvHdtvnu54bVY5j5hqXb9tuK7LtjLk1dbu/ -3rX129QxsMsWUDlebyM4J/Q8KXv6HexWUu209QshAoIBAE9LeVTC706vW2kzbq2n -RN+kdmb+vKNCx7DzUZTOGx+KU7VEFdRGwOmEhlh86H1h3f83eCPKF/Bb18OaYpk+ -kSGbaxN98reut3hpWXSLOQ73MtCazgRgQIInTdJZZ6SyMrH5RC+uNdDG6YToOFLJ -rewWW5d+geQdnkXMr8Dj/057o6a2zkcmKNHwlgnfqn3ylphNK0DYC5+17acWAFMv -ghfISpT46LGY+kt/2A6Wh+lpTBRSSrQbqOLUlvzLT1ANeOkCYOMwe+SeqAnCc8+E -csPNc9iDKwtaa22a7Kf2PV28IL/4f2Pv/jeGgAfhzOejOhE6kVzoRaq6ms5TEHms -qf8CggEBAJAIoRCE9ybPqjPeaXge2+JYp5wd+s54umkI4uufWa20R33+Yp0oxkIn -CpgxPH+jvgXRYFD+ZwpYVsAhdgN7j1o0JdthdWWyxT4yT5+XtM85bgWivtYVEJXr -q/a4kJB6LP+B4BujMvWK9gkLEa4t8CqD/MtVrFD0QE07aTyEhkDd1HNAUi/k0+0B -W2wfsqK2G03FVGnIijk4Ip8hwoR5cdP8MEs6PbcixR9XIByHH+qS2I3ImfeZRqPw -RHOQ1G7tt4Z5Rf8tzyZqWYRarehvNcf6FHw35PfTseQheTxSkfS9T9xtebCJu0Uh -4f7/1IN8kpQ8H9uar8/YmPYyP+jqXOk= ------END PRIVATE KEY----- diff --git a/.github/workflows/smoke-tests.yml b/.github/workflows/smoke-tests.yml index de5e125895..aab92b85f1 100644 --- a/.github/workflows/smoke-tests.yml +++ b/.github/workflows/smoke-tests.yml 
@@ -1,12 +1,7 @@ name: Smoke tests permissions: contents: read - -env: - LOWEST_SUPPORTED_PY_VERSION: '3.10' - # pull_request event doesn't support inputs - REGISTRY_NAME: ${{ github.event_name == 'workflow_dispatch' && inputs.registry-name || 'docker.io' }} - SERVER_TAG: ${{ github.event_name == 'workflow_dispatch' && inputs.server-tag || 'latest' }} + id-token: write # Trigger test workflow whenever: # 1. A pull request is updated (e.g with new commits) @@ -27,18 +22,17 @@ on: - benchmarks/**/* workflow_dispatch: inputs: - # Used to test server RCs - registry-name: - description: Registry name - type: string - default: docker.io - required: true server-tag: description: Server tag type: string - default: latest required: true +env: + LOWEST_SUPPORTED_PY_VERSION: '3.10' + # pull_request event doesn't support inputs + # Our JFrog docker repo doesn't automatically update the latest tag, so we can't use it (it currently points to an old nightly build) + SERVER_TAG: ${{ github.event_name == 'workflow_dispatch' && inputs.server-tag || '8.1' }} + jobs: build: runs-on: ubuntu-22.04 @@ -122,10 +116,10 @@ jobs: - name: Run Aerospike server uses: ./.github/actions/run-ee-server with: - registry-name: ${{ env.REGISTRY_NAME }} + oidc-provider-name: ${{ vars.OIDC_PROVIDER_NAME }} + oidc-audience: ${{ vars.OIDC_AUDIENCE }} + features-content: ${{ secrets.FEATURES_CONTENT }} server-tag: ${{ env.SERVER_TAG }} - registry-username: ${{ env.REGISTRY_NAME == 'docker.io' && secrets.DOCKER_HUB_BOT_USERNAME || secrets.QE_DOCKER_REGISTRY_USERNAME }} - registry-password: ${{ env.REGISTRY_NAME == 'docker.io' && secrets.DOCKER_HUB_BOT_PW || secrets.QE_DOCKER_REGISTRY_PASSWORD }} - run: python3-dbg -m pytest ./new_tests working-directory: test 
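Review bot: With the registry username and password secrets gone, every `run-ee-server` call in smoke-tests.yml depends on `id-token: write` and `secrets.FEATURES_CONTENT`, and GitHub normally withholds both from `pull_request` runs that originate from forks. Those runs would then fail at server setup instead of testing anything. If fork contributions matter, skip the EE jobs with a condition such as `if: ${{ github.event.pull_request.head.repo.fork != true }}` rather than moving the trigger to `pull_request_target`, which would hand the token and the secret to untrusted PR code. A comment next to the key, e.g. `id-token: write  # JFrog OIDC pull in run-ee-server`, would also document why a test workflow holds it.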
@@ -166,10 +160,10 @@ jobs: - name: Run Aerospike server uses: ./.github/actions/run-ee-server with: - registry-name: ${{ env.REGISTRY_NAME }} + oidc-provider-name: ${{ vars.OIDC_PROVIDER_NAME }} + oidc-audience: ${{ vars.OIDC_AUDIENCE }} + features-content: ${{ secrets.FEATURES_CONTENT }} server-tag: ${{ env.SERVER_TAG }} - registry-username: ${{ env.REGISTRY_NAME == 'docker.io' && secrets.DOCKER_HUB_BOT_USERNAME || secrets.QE_DOCKER_REGISTRY_USERNAME }} - registry-password: ${{ env.REGISTRY_NAME == 'docker.io' && secrets.DOCKER_HUB_BOT_PW || secrets.QE_DOCKER_REGISTRY_PASSWORD }} # -Werror: we need code coverage for code paths where warnings are treated as errors # TODO: currently this doesn't seem to work though @@ -287,7 +281,7 @@ jobs: type: - sanitizer - dont_validate_keys - - lowest_supported_server_version + # - lowest_supported_server_version fail-fast: false runs-on: ubuntu-22.04 needs: build @@ -329,12 +323,13 @@ jobs: echo ASAN_OPTIONS='detect_stack_use_after_return=1:detect_leaks=0' >> $GITHUB_ENV echo LD_PRELOAD=$(gcc --print-file-name=libasan.so) >> $GITHUB_ENV - - uses: ./.github/actions/run-ee-server + - name: Run Aerospike server + uses: ./.github/actions/run-ee-server with: - registry-name: ${{ env.REGISTRY_NAME }} - server-tag: ${{ matrix.type == 'lowest_supported_server_version' && vars.LOWEST_SUPPORTED_SERVER_VERSION || env.SERVER_TAG }} - registry-username: ${{ env.REGISTRY_NAME == 'docker.io' && secrets.DOCKER_HUB_BOT_USERNAME || secrets.QE_DOCKER_REGISTRY_USERNAME }} - registry-password: ${{ env.REGISTRY_NAME == 'docker.io' && secrets.DOCKER_HUB_BOT_PW || secrets.QE_DOCKER_REGISTRY_PASSWORD }} + oidc-provider-name: ${{ vars.OIDC_PROVIDER_NAME }} + oidc-audience: ${{ vars.OIDC_AUDIENCE }} + features-content: ${{ secrets.FEATURES_CONTENT }} + server-tag: ${{ env.SERVER_TAG }} - if: ${{ matrix.type == 'dont_validate_keys' }} run: crudini --existing=param --set config.conf input-validation validate_keys false 
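Review bot: The matrix entry `lowest_supported_server_version` is commented out in the `@@ -287,7 +281,7 @@` hunk without any explanation, and the following hunk drops the `vars.LOWEST_SUPPORTED_SERVER_VERSION` selection from `server-tag`, so that compatibility leg silently stops running. Replace the bare commented line with a tracked note such as `# TODO(<issue-id>): re-enable lowest_supported_server_version - <reason it is disabled>` so the gap is visible to the next maintainer. The rest of the matrix job lies outside the hunk.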
@@ -390,14 +385,8 @@ jobs: - name: Install test dependencies run: pip install -r test/requirements.txt - - uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0 - with: - registry: ${{ env.REGISTRY_NAME }} - username: ${{ env.REGISTRY_NAME == 'docker.io' && secrets.DOCKER_HUB_BOT_USERNAME || secrets.QE_DOCKER_REGISTRY_USERNAME }} - password: ${{ env.REGISTRY_NAME == 'docker.io' && secrets.DOCKER_HUB_BOT_PW || secrets.QE_DOCKER_REGISTRY_PASSWORD }} - - name: Run Aerospike server - run: docker run -d --name aerospike -p 3000-3002:3000-3002 -e DEFAULT_TTL=2592000 ${{ env.REGISTRY_NAME }}/aerospike/aerospike-server:${{ env.SERVER_TAG }} + run: docker run -d --name aerospike -p 3000-3002:3000-3002 -e DEFAULT_TTL=2592000 aerospike/aerospike-server:${{ env.SERVER_TAG }} - name: Create config.conf run: cp config.conf.template config.conf @@ -408,9 +397,15 @@ jobs: container-name: aerospike - name: Run tests - run: python -m pytest ./new_tests -vv -W error::pytest.PytestUnraisableExceptionWarning + run: python -m pytest ./new_tests -svv -W error::pytest.PytestUnraisableExceptionWarning working-directory: test + - name: Show logs if failed + if: ${{ failure() }} + run: | + docker container logs aerospike + cat ./configs/aerospike.conf + test-ee: runs-on: ubuntu-22.04 needs: build 
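Review bot: The rewritten `docker run` line in the `@@ -390,14 +385,8 @@` hunk still expands `${{ env.SERVER_TAG }}` into the script text before the shell runs, and `SERVER_TAG` is derived from the `workflow_dispatch` input `server-tag`. Since the value is already exported through the workflow-level `env`, read it as a quoted shell variable so it is treated as data: `run: docker run -d --name aerospike -p 3000-3002:3000-3002 -e DEFAULT_TTL=2592000 "aerospike/aerospike-server:$SERVER_TAG"`. The `docker run` line changed in the `@@ -514,24 +510,17 @@` hunk has the same pattern.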
@@ -440,11 +435,12 @@ jobs: run: pip install -r test/requirements.txt - uses: ./.github/actions/run-ee-server + id: run-ee-server with: - registry-name: ${{ env.REGISTRY_NAME }} + oidc-provider-name: ${{ vars.OIDC_PROVIDER_NAME }} + oidc-audience: ${{ vars.OIDC_AUDIENCE }} + features-content: ${{ secrets.FEATURES_CONTENT }} server-tag: ${{ env.SERVER_TAG }} - registry-username: ${{ env.REGISTRY_NAME == 'docker.io' && secrets.DOCKER_HUB_BOT_USERNAME || secrets.QE_DOCKER_REGISTRY_USERNAME }} - registry-password: ${{ env.REGISTRY_NAME == 'docker.io' && secrets.DOCKER_HUB_BOT_PW || secrets.QE_DOCKER_REGISTRY_PASSWORD }} - name: Run tests # -s: we want to check that the test_create_pki_user test case passes or raises an exception as expected @@ -455,7 +451,7 @@ jobs: - name: Show logs if failed if: ${{ failure() }} run: | - docker container logs aerospike + docker container logs ${{ steps.run-ee-server.outputs.container-name }} cat ./configs/aerospike.conf test-metrics: 
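Review bot: In the `@@ -455,7 +451,7 @@` hunk the step output is pasted unquoted into the script as `docker container logs ${{ steps.run-ee-server.outputs.container-name }}`. If that output is empty because the action failed before setting it, or if it ever holds more than one name, the log step itself errors and the server log is lost exactly when it is needed. Pass the value through the step environment and quote it: `env:` with `CONTAINER_NAME: ${{ steps.run-ee-server.outputs.container-name }}`, then `docker container logs "$CONTAINER_NAME"`.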
@@ -514,24 +510,17 @@ jobs: name: wheel-${{ env.LOWEST_SUPPORTED_PY_VERSION }} - run: python3 -m pip install *.whl - - uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0 - with: - registry: ${{ env.REGISTRY_NAME }} - username: ${{ env.REGISTRY_NAME == 'docker.io' && secrets.DOCKER_HUB_BOT_USERNAME || secrets.QE_DOCKER_REGISTRY_USERNAME }} - password: ${{ env.REGISTRY_NAME == 'docker.io' && secrets.DOCKER_HUB_BOT_PW || secrets.QE_DOCKER_REGISTRY_PASSWORD }} - - - uses: ./.github/actions/run-ee-server - if: ${{ startsWith(matrix.test-script-args, 'true') }} + - if: ${{ startsWith(matrix.test-script-args, 'true') }} + uses: aerospike/shared-workflows/.github/actions/setup-aerospike-server@48edf9ff59ab4da5f15915b22d8895f19ce7fd55 with: - registry-name: ${{ env.REGISTRY_NAME }} - server-tag: ${{ env.SERVER_TAG }} - registry-username: ${{ env.REGISTRY_NAME == 'docker.io' && secrets.DOCKER_HUB_BOT_USERNAME || secrets.QE_DOCKER_REGISTRY_USERNAME }} - registry-password: ${{ env.REGISTRY_NAME == 'docker.io' && secrets.DOCKER_HUB_BOT_PW || secrets.QE_DOCKER_REGISTRY_PASSWORD }} - # The user agent can also send the client's username if app-id is not set by the client - env-vars: 'SECURITY=1' + enable-security: "true" + num-nodes: 1 + oidc-provider: ${{ vars.OIDC_PROVIDER_NAME }} + oidc-audience: ${{ vars.OIDC_AUDIENCE }} + server-tag: "8.0" - if: ${{ startsWith(matrix.test-script-args, 'false') }} - run: docker run -d -p 3000:3000 --name aerospike -e DEFAULT_TTL=2592000 ${{ env.REGISTRY_NAME }}/aerospike/aerospike-server:${{ env.SERVER_TAG }} + run: docker run -d -p 3000:3000 --name aerospike -e DEFAULT_TTL=2592000 aerospike/aerospike-server:${{ env.SERVER_TAG }} - if: ${{ startsWith(matrix.test-script-args, 'false') }} uses: ./.github/actions/wait-for-ce-server-to-start 
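Review bot: The shared setup action is called with a hard-coded `server-tag: "8.0"`, while the security-disabled leg of the same matrix still starts `aerospike/aerospike-server:${{ env.SERVER_TAG }}`. The two legs therefore test different server versions, and a `server-tag` given on manual dispatch is ignored for the security-enabled leg. Use `server-tag: ${{ env.SERVER_TAG }}` here, or add a comment stating why this leg must stay on 8.0. The pinned commit on the `uses:` line would also benefit from a trailing `# <version or branch>` comment, as the removed `docker/login-action` line had.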
@@ -543,5 +532,5 @@ jobs: run: ./test-user-agent-e2e.bash ${{ matrix.test-script-args }} working-directory: test/standalone - - if: ${{ !cancelled() }} - run: docker logs aerospike + # - if: ${{ !cancelled() }} + # run: docker logs aerospike diff --git a/.github/workflows/stage-tests.yml b/.github/workflows/stage-tests.yml index c6292eb35d..d752cad2b7 100644 --- a/.github/workflows/stage-tests.yml +++ b/.github/workflows/stage-tests.yml @@ -5,6 +5,10 @@ name: Stage tests # The purpose is to test that our artifacts work on the Linux distros / OS versions that the client supports # and QE doesn't have enough disk space for more Linux distros, so we have some tests here in Github Actions +permissions: + contents: read + id-token: write + on: workflow_call: inputs: @@ -31,9 +35,13 @@ on: default: 'aerospike/aerospike-server-enterprise' server-tag: type: string - required: false - default: 'latest' + required: true description: 'Server docker image tag' + test-file: + required: false + default: '' + type: string + description: 'new_tests/' test-macos-x86: required: false type: boolean @@ -41,8 +49,8 @@ on: description: 'Test macOS x86 wheels (unstable)' env: - REGISTRY_USERNAME: ${{ inputs.registry-name == 'docker.io' && secrets.DOCKER_HUB_BOT_USERNAME || secrets.QE_DOCKER_REGISTRY_USERNAME }} - REGISTRY_PASSWORD: ${{ inputs.registry-name == 'docker.io' && secrets.DOCKER_HUB_BOT_PW || secrets.QE_DOCKER_REGISTRY_PASSWORD }} + REGISTRY_USERNAME: ${{ inputs.registry-name == secrets.QE_DOCKER_REGISTRY_URL && secrets.QE_DOCKER_REGISTRY_USERNAME || '' }} + REGISTRY_PASSWORD: ${{ inputs.registry-name == secrets.QE_DOCKER_REGISTRY_URL && secrets.QE_DOCKER_REGISTRY_PASSWORD || '' }} jobs: linux-distro-tests: 
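Review bot: `REGISTRY_USERNAME` and `REGISTRY_PASSWORD` stay in the workflow-level `env` in the `@@ -41,8 +49,8 @@` hunk of stage-tests.yml, which exports the registry password to every step of every job, including steps that run repository test code. The later hunks of this file stop passing these values to `./.github/actions/run-ee-server`, so they may now be unused; if nothing else reads them, delete both lines. If a step still needs them, move them into that step's own `env:` block instead. Whether another consumer exists cannot be seen from this hunk.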
@@ -117,16 +125,15 @@ jobs: - uses: ./.github/actions/run-ee-server with: - registry-name: ${{ inputs.registry-name }} - registry-username: ${{ env.REGISTRY_USERNAME }} - registry-password: ${{ env.REGISTRY_PASSWORD }} - image-name: ${{ inputs.image-name }} + oidc-provider-name: ${{ vars.OIDC_PROVIDER_NAME }} + oidc-audience: ${{ vars.OIDC_AUDIENCE }} + features-content: ${{ secrets.FEATURES_CONTENT }} server-tag: ${{ inputs.server-tag }} where-is-client-connecting-from: 'separate-docker-container' - name: Run distro container # Run distro container on host network to access the Aerospike server using localhost (without having to change config.conf) - run: docker run --detach --network host --platform ${{ env.DISTRO_DOCKER_IMAGE_PLATFORM }} --name ${{ env.LINUX_DISTRO_CONTAINER_NAME }} ${{ env.DISTRO_DOCKER_IMAGE_AND_TAG }} tail -f /dev/null + run: docker run --detach --network host -v /:/host:ro --platform ${{ env.DISTRO_DOCKER_IMAGE_PLATFORM }} --name ${{ env.LINUX_DISTRO_CONTAINER_NAME }} ${{ env.DISTRO_DOCKER_IMAGE_AND_TAG }} tail -f /dev/null - name: Copy repo (and artifact) to container run: docker cp . ${{ env.LINUX_DISTRO_CONTAINER_NAME }}:/aerospike-client-python @@ -176,7 +183,7 @@ jobs: run: docker exec --workdir /aerospike-client-python/test ${{ env.LINUX_DISTRO_CONTAINER_NAME }} python${{ env.PYTHON_VERSION }} -m ${{ env.PIP_INSTALL_COMMAND }} pytest -c requirements.txt - name: Run tests - run: docker exec --workdir /aerospike-client-python/test ${{ env.LINUX_DISTRO_CONTAINER_NAME }} python${{ env.PYTHON_VERSION }} -m pytest new_tests/ + run: docker exec --workdir /aerospike-client-python/test ${{ env.LINUX_DISTRO_CONTAINER_NAME }} python${{ env.PYTHON_VERSION }} -m pytest new_tests/${{ inputs.test-file }} macOS: if: ${{ inputs.test-macos-x86 }} 
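Review bot: The `Run distro container` step in the `@@ -117,16 +125,15 @@` hunk gains `-v /:/host:ro`, which exposes the runner's entire root filesystem to a container that already runs with `--network host` and later installs packages and executes the test suite. Read-only does not limit what can be read: the checkout, the runner's home directory and any Docker client configuration written by earlier steps become visible inside the container. Mount only the path the tests need, e.g. `-v <host-path-needed>:/host/<same-path>:ro`, and add a comment above the step saying what it is for. The reason for the mount is not visible in this hunk.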
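Review bot: The new `test-file` input is expanded straight into the script in the `@@ -176,7 +183,7 @@` hunk (`pytest new_tests/${{ inputs.test-file }}`), so the caller's string becomes part of the shell command rather than an argument. Pass it through the step environment and quote it: add `env:` with `TEST_FILE: ${{ inputs.test-file }}` and end the command with `-m pytest "new_tests/$TEST_FILE"`. The variable is expanded by the runner shell before `docker exec`, so this also works for the container case. The macOS `Run tests` step in the `@@ -251,7 +257,7 @@` hunk needs the same change.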
@@ -234,10 +241,9 @@ jobs: - if: ${{ matrix.runner-os-and-arch[1] == 'x86_64' }} uses: ./.github/actions/run-ee-server with: - registry-name: ${{ inputs.registry-name }} - registry-username: ${{ env.REGISTRY_USERNAME }} - registry-password: ${{ env.REGISTRY_PASSWORD }} - image-name: ${{ inputs.image-name }} + oidc-provider-name: ${{ vars.OIDC_PROVIDER_NAME }} + oidc-audience: ${{ vars.OIDC_AUDIENCE }} + features-content: ${{ secrets.FEATURES_CONTENT }} server-tag: ${{ inputs.server-tag }} where-is-client-connecting-from: 'docker-host' @@ -251,7 +257,7 @@ jobs: - name: Run tests if: ${{ matrix.runner-os-and-arch[1] == 'x86_64' }} - run: python3 -m pytest new_tests/ + run: python3 -m pytest new_tests/${{ inputs.test-file }} working-directory: test - name: Run tests on macos 26 diff --git a/.github/workflows/update-version.yml b/.github/workflows/update-version.yml index a0424870a5..540a97fc9b 100644 --- a/.github/workflows/update-version.yml +++ b/.github/workflows/update-version.yml @@ -5,12 +5,22 @@ name: Update version in repo on: workflow_dispatch: inputs: + dry-run: + required: false + default: false + type: boolean + description: "Don't tag" new_version: type: string description: Version string to set in the repo required: true workflow_call: inputs: + dry-run: + required: false + default: false + type: boolean + description: "Don't tag" new_version: type: string description: Version string to set in the repo @@ -61,7 +71,7 @@ jobs: with: commit_message: 'Auto-bump version to ${{ inputs.new_version }} [skip ci]' commit_author: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - tagging_message: ${{ inputs.new_version }} + tagging_message: ${{ !inputs.dry-run && inputs.new_version || '' }} branch: ${{ inputs.is_workflow_call && inputs.ref || github.ref }} - name: Output bump commit hash for next jobs to use diff --git a/.github/workflows/upload-to-jfrog.yml b/.github/workflows/upload-to-jfrog.yml index 052901073b..5c6bb139bc 100644 
--- a/.github/workflows/upload-to-jfrog.yml +++ b/.github/workflows/upload-to-jfrog.yml @@ -3,6 +3,11 @@ name: Upload to JFrog on: workflow_call: inputs: + dry-run: + required: false + default: false + type: boolean + description: "Don't upload to jfrog" version: type: string required: false @@ -39,19 +44,22 @@ jobs: JF_URL: ${{ secrets.JFROG_PLATFORM_URL }} JF_ACCESS_TOKEN: ${{ secrets.JFROG_ACCESS_TOKEN }} + - if: ${{ inputs.dry-run }} + run: echo "DRY_RUN_FLAG=--dry-run" >> $GITHUB_ENV + - name: Upload manylinux builds from arbitrary branches to JFrog generic repo if: ${{ inputs.jfrog-repo-name == vars.JFROG_GENERIC_REPO_NAME }} - run: jf rt upload "*manylinux*" ${{ vars.JFROG_GENERIC_REPO_NAME }}/${{ github.ref_name }}/ + run: jf rt upload $DRY_RUN_FLAG "*manylinux*" ${{ vars.JFROG_GENERIC_REPO_NAME }}/${{ github.ref_name }}/ working-directory: artifacts - name: Upload passing builds to JFrog PyPI repo if: ${{ inputs.jfrog-repo-name == vars.JFROG_REPO_NAME }} # Source path must be in quotes if it contains an asterisk # https://github.com/jfrog/jfrog-cli/issues/1775#issuecomment-1348986551 - run: jf rt upload --build-name python-client --build-number $NEW_VERSION "artifacts/*" ${{ vars.JFROG_REPO_NAME }}/aerospike/$NEW_VERSION/ + run: jf rt upload $DRY_RUN_FLAG --build-name python-client --build-number $NEW_VERSION "artifacts/*" ${{ vars.JFROG_REPO_NAME }}/aerospike/$NEW_VERSION/ env: NEW_VERSION: ${{ inputs.version }} - name: Publish build info if: ${{ inputs.jfrog-repo-name == vars.JFROG_REPO_NAME }} - run: jf rt build-publish python-client ${{ inputs.version }} + run: jf rt build-publish $DRY_RUN_FLAG python-client ${{ inputs.version }} diff --git a/.github/workflows/valgrind.yml b/.github/workflows/valgrind.yml index f7fbaaf171..636f88cccd 100644 --- a/.github/workflows/valgrind.yml +++ b/.github/workflows/valgrind.yml 
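Review bot: The rewritten manylinux upload line in the `@@ -39,19 +44,22 @@` hunk still inlines `${{ github.ref_name }}` into the script, and branch names may contain shell metacharacters. Because this job holds the JFrog access token, the ref name should reach the shell as data only: add `env:` with `REF_NAME: ${{ github.ref_name }}` to the step and write the target as `"${{ vars.JFROG_GENERIC_REPO_NAME }}/$REF_NAME/"`. `$DRY_RUN_FLAG` is left unquoted so that it vanishes when unset; a short comment saying so would stop someone from quoting it later and passing an empty argument to `jf`.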
@@ -1,6 +1,12 @@ name: Valgrind run-name: Valgrind (registry-name=${{ inputs.registry-name }}, server-tag=${{ inputs.server-tag }}, test-file=${{ inputs.test-file }}, massif=${{ inputs.massif }}) +permissions: + contents: read + id-token: write + statuses: write + packages: read + on: workflow_dispatch: inputs: @@ -19,9 +25,8 @@ on: description: Image name default: 'aerospike/aerospike-server-enterprise' server-tag: - required: false + required: true description: Server tag - default: latest massif: type: boolean description: 'Use massif for testing memory usage' @@ -164,10 +169,9 @@ jobs: - name: Run EE server uses: ./.github/actions/run-ee-server with: - registry-name: ${{ inputs.registry-name }} - registry-username: ${{ inputs.registry-name == 'docker.io' && secrets.DOCKER_HUB_BOT_USERNAME || secrets.QE_DOCKER_REGISTRY_USERNAME }} - registry-password: ${{ inputs.registry-name == 'docker.io' && secrets.DOCKER_HUB_BOT_PW || secrets.QE_DOCKER_REGISTRY_PASSWORD }} - image-name: ${{ inputs.image-name }} + oidc-provider-name: ${{ vars.OIDC_PROVIDER_NAME }} + oidc-audience: ${{ vars.OIDC_AUDIENCE }} + features-content: ${{ secrets.FEATURES_CONTENT }} server-tag: ${{ inputs.server-tag }} - run: sudo apt-get update diff --git a/test/standalone/test-user-agent-e2e.bash b/test/standalone/test-user-agent-e2e.bash index 7f1f2a5202..db309002a8 100755 --- a/test/standalone/test-user-agent-e2e.bash +++ b/test/standalone/test-user-agent-e2e.bash @@ -21,7 +21,7 @@ python3 "$python_background_script_name" "$@" & use_security_credentials="$1" if [[ "$use_security_credentials" == "true" ]]; then - CREDENTIALS="-U superuser -P superuser" + CREDENTIALS="-U admin -P admin" fi server_version=$(docker run --network host aerospike/aerospike-tools asinfo $CREDENTIALS -v "build") 
@@ -57,7 +57,7 @@ if [[ $# -eq 2 ]]; then # app_id was explicitly set in client config expected_app_id="$2" elif [[ "$use_security_credentials" == "true" ]]; then - expected_app_id="superuser" + expected_app_id="admin" else expected_app_id="not-set" fi